Commit 7660666d authored by Romain Bignon's avatar Romain Bignon

break the fucking new protection made by faggots of Banque Populaire

parent b5dcc258
......@@ -97,6 +97,7 @@ class BanquePopulaire(Browser):
self.select_form(nr=0)
self.set_all_readonly(False)
self['dialogActionPerformed'] = 'EQUIPEMENT_COMPLET'
self['token'] = self.page.build_token(self['token'])
self.submit()
def get_accounts_list(self):
......@@ -112,6 +113,7 @@ class BanquePopulaire(Browser):
if not self.is_on_page(AccountsPage):
self.go_on_accounts_list()
next_page['token'] = self.page.build_token(self.page.get_token())
self.location('/cyber/internet/ContinueTask.do', urllib.urlencode(next_page))
for a in self.page.iter_accounts():
......@@ -137,6 +139,8 @@ class BanquePopulaire(Browser):
if params is None:
return
params['token'] = self.page.build_token(params['token'])
self.location('/cyber/internet/ContinueTask.do', urllib.urlencode(params))
self.token = self.page.get_token()
......@@ -147,6 +151,7 @@ class BanquePopulaire(Browser):
if len(self.page.document.xpath('//a[@id="tcl4_srt"]')) > 0:
self.select_form(predicate=lambda form: form.attrs.get('id', '') == 'myForm')
self.form.action = self.absurl('/cyber/internet/Sort.do?property=tbl1&sortBlocId=blc2&columnName=dateValeur')
params['token'] = self.page.build_token(params['token'])
self.submit()
while True:
......
......@@ -60,6 +60,32 @@ class BasePage(_BasePage):
def get_token(self):
return self.parser.select(self.document.getroot(), '//form//input[@name="token"]', 1, 'xpath').attrib['value']
def build_token(self, token):
"""
These fucking faggots have introduced a new protection on the token.
Each time there is a call to SAB (selectActionButton), the token
available in the form is modified with a key available in JS:
ipsff(function(){TW().ipthk([12, 25, 17, 5, 23, 26, 15, 30, 6]);});
Each value of the array is an index for the current token to append the
char at this position at the end of the token.
"""
table = None
for script in self.document.xpath('//script'):
if script.text is None:
continue
m = re.search(r'ipthk\(([^\)]+)\)', script.text, flags=re.MULTILINE)
if m:
table = json.loads(m.group(1))
if table is None:
return token
for i in table:
token += token[i]
return token
class RedirectPage(BasePage):
"""
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment